--- doc/install/linux/install.pl 2019/02/19 19:03:42 1.50 +++ doc/install/linux/install.pl 2019/05/26 22:19:35 1.53 @@ -77,7 +77,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.50 2019/02/19 19:03:42 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.53 2019/05/26 22:19:35 raeburn Exp $'."\n"; } # @@ -833,7 +833,7 @@ sub chkconfig { sub uses_firewalld { my ($distro) = @_; - my ($inuse, $checkfirewalld); + my ($inuse,$checkfirewalld,$zone); if ($distro =~ /^(suse|sles)([\d\.]+)$/) { if (($1 eq 'sles') && ($2 >= 15)) { $checkfirewalld = 1; @@ -863,9 +863,18 @@ sub uses_firewalld { } if (($loaded eq 'loaded') || ($active eq 'active')) { $inuse = 1; + my $cmd = 'firewall-cmd --get-default-zone'; + if (open(PIPE,"$cmd |")) { + my $result = ; + chomp($result); + close(PIPE); + if ($result =~ /^\w+$/) { + $zone = $result; + } + } } } - return $inuse; + return ($inuse,$zone); } sub chkfirewall { @@ -876,19 +885,20 @@ sub chkfirewall { https => 443, ); my %activefw; - if (&firewall_is_active()) { - if (&uses_firewalld($distro)) { - my %current; - if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - if ($current{'http'} && $current{'https'}) { - $configfirewall = 0; - } - } else { + my ($firewalld,$zone) = &uses_firewalld($distro); + if ($firewalld) { + my %current; + if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { + my $svc = ; + close(PIPE); + chomp($svc); + map { $current{$_} = 1; } (split(/\s+/,$svc)); + } + if ($current{'http'} && $current{'https'}) { + $configfirewall = 0; + } + } else { + if (&firewall_is_active()) { my $iptables = &get_pathto_iptables(); if ($iptables eq '') { print &mt('Firewall not checked as path to iptables not determined.')."\n"; 
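Review bot: In `uses_firewalld`, `$zone` stays undefined whenever the `firewall-cmd --get-default-zone` pipe cannot be opened, prints nothing, or returns a name that fails `/^\w+$/`, yet `$inuse` is still set to 1. The callers in `chkfirewall` and the `$callsub{'firewall'}` block then build `--zone=` with an empty value where `public` used to be hard-coded. Keep the `\w+` check, since the value is later interpolated into shell command strings, but add a fallback such as `$zone = 'public' unless (defined($zone));` just before the return, or have the callers omit `--zone` when no zone was found. `chomp($result)` also runs on an undefined value when the command produces no output. Separately, `return ($inuse,$zone);` yields `$zone` rather than `$inuse` in scalar context, so any caller outside these hunks that still tests `&uses_firewalld($distro)` directly would need updating.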
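Review bot: The new `open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')` in `chkfirewall` hands a string containing a runtime value to the shell, through a two-argument pipe open on a bareword handle. Only the `\w+` check inside `uses_firewalld` keeps that safe. A list-form open with a lexical handle avoids the shell and removes that dependency: `open(my $pipe,'-|','firewall-cmd','--permanent',"--zone=$zone",'--list-services')`, then read from `$pipe`. The same applies to the `--zone=$zone` opens for `--list-services` and `--add-service=$service` in the `$callsub{'firewall'}` hunks. `chkfirewall` starts before and ends after this hunk.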
@@ -910,9 +920,9 @@ sub chkfirewall { print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } } + } else { + print &mt('Firewall not enabled.')."\n"; } - } else { - print &mt('Firewall not enabled.')."\n"; } return ($configfirewall,\%activefw); } @@ -2023,9 +2033,10 @@ if ($callsub{'runlevels'}) { } if ($callsub{'firewall'}) { - if (&uses_firewalld($distro)) { + my ($firewalld,$zone) = &uses_firewalld($distro); + if ($firewalld) { my (%current,%added); - if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { + if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { my $svc = ; close(PIPE); chomp($svc); @@ -2033,7 +2044,7 @@ if ($callsub{'firewall'}) { } foreach my $service ('http','https') { unless ($current{$service}) { - if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) { + if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { my $result = ; if ($result =~ /^success/) { $added{$service} = 1; @@ -2051,7 +2062,7 @@ if ($callsub{'firewall'}) { } unless ($current{'ssh'}) { print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', - 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n"; + "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; } } elsif ($distro =~ /^(suse|sles)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 
@@ -2078,9 +2089,19 @@ if ($callsub{'firewall'}) {
 'system-config-firewall-tui -- Customize',
 'ssh, http')."\n";
 } else {
- print &mt('Use [_1] to configure the firewall to allow access for [_2].',
- 'setup -- Firewall configuration -> Customize',
- 'ssh, http, https')."\n";
+ my $version;
+ if ($distro =~ /^(redhat|centos)(\d+)$/) {
+ $version = $1;
+ }
+ if ($version > 5) {
+ print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+ 'system-config-firewall-tui -- Customize',
+ 'ssh, http')."\n";
+ } else {
+ print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+ 'setup -- Firewall configuration -> Customize',
+ 'ssh, http, https')."\n";
+ }
 }
 } else {
 &print_and_log(&mt('Skipping Firewall configuration.')."\n");
@@ -2386,9 +2407,9 @@ sub setup_mysql_permissions {
 if ($usesauth) {
 @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')");
 if ($is_mariadb) {
- push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
+ push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
 } else {
- push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
+ push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
 }
 } elsif ($hasauthcol) {
 @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");
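Review bot: `$version = $1;` in the new fallback branch of the `@@ -2078,9 +2089,19 @@` hunk takes the first capture group of `/^(redhat|centos)(\d+)$/`, which is the distro name rather than the number. `$version > 5` therefore compares a non-numeric string and is never true, so the added `system-config-firewall-tui` message is unreachable. The assignment should read `$version = $2;`. `$version` is also left undefined when `$distro` does not match, which would warn if warnings are enabled; declaring it as `my $version = 0;` avoids that. The enclosing `if ($callsub{'firewall'})` block begins outside the hunk.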
@@ -2477,10 +2498,10 @@ sub new_mysql_rootpasswd {
 my ($currmysqlpass,$usesauth,$is_mariadb) = @_;
 if ($usesauth) {
 if ($is_mariadb) {
- return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
+ return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",
 "FLUSH PRIVILEGES;");
 } else {
- return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",
+ return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
 "FLUSH PRIVILEGES;");
 }
 } else {
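Review bot: Both rewritten `ALTER USER 'root'` strings in `new_mysql_rootpasswd` interpolate `$currmysqlpass` directly inside a single-quoted SQL literal, so a password containing `'` or `\` produces a broken or altered statement. How the value is vetted before it reaches this function is not visible in the hunk. Because the function only returns statement strings, the quoting has to happen here or in the caller, for example by passing the value through the DBI handle's `quote` method if one is in scope and dropping the literal quotes from the template. A short comment above the two branches saying which server takes `IDENTIFIED WITH mysql_native_password` would also help, given that this commit had to swap them. The function continues past the end of the hunk.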